Active Directory Integration



  • Do you have some more detailed documentation for AD integration? When I go to the Add Privilege window and I enter a letter or two and nothing ever comes back, it says searching... Or are there some logs a person can look through somewhere? We'd like to use the product but we need to get the AD integration piece working to pass some security concerns.

    Product: ProGet
    Version: 3.8.6



  • It should "just work", so I would check (1) are there JavaScript errors, (2) are there errors in the ProGet error log?

    If not, then it's most likely that there are simply no results returned, which means the ProGet service user account does not have sufficient privileges to enumerate the domain.



  • In a perfect world it would just work, but we don't work there.

    I think it might be more of a problem with ProGet and the way it queries AD while I’m attempting to configure AD integration. When I attempt to configure the server to use Active Directory with Multiple Domains I have to add a principal which is essentially a domain local group. I’m attempting to add a specific domain local group to be a principal that I can assign privileges to and the server just sits and spins. I can query the same domain local group in the AD Users and Computers admin tool and it returns the group very quickly.

    I was able to set up the same application in my domain at home and get AD integration working in a matter of minutes but my domain only has one DC and a few systems in it.

    This server is a member of the same domain that the domain local group exists in.



  • If you're seeing that behavior, I would check for JavaScript/browser errors (it could be related to that... and just simply not timing out), as well as the ProGet error log.

    Unfortunately the multi-domain configuration is very complex; there are a lot of settings and considerations, like one-way trusts, transitive trusts, legacy/NetBIOS settings, and it's possible we simply aren't accounting for one of the endless scenarios out there.

    There is a hidden debug page you can visit, /debug/integrated-auth, which will provide some information about the current configuration, trusts, and those sorts of things.

    We may create a stand-alone tool to assist with debugging Active Directory issues, but in the meantime, we can offer the source code for the Multi-Domain user directory (you can also use Reflector to look at it) so you can try to identify if the issue is our code (in which case, we would love to fix it!), or in your domain config.



  • Does this mean anything to you?

    IntegratedAuthEnabled:	False
    LOGON_USER:		
    ---------
    Current User Directory:
    Built-In
    ---------
    DomainId was parsed as null, cannot search for user.


  • After updating to the latest release we now get the following error when attempting to integrate with AD.

    Server Error in '/' Application.

    Unable to find control id 'ctl17' referenced by the 'ControlToValidate' property of ''.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Web.HttpException: Unable to find control id 'ctl17' referenced by the 'ControlToValidate' property of ''.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [HttpException (0x80004005): Unable to find control id 'ctl17' referenced by the 'ControlToValidate' property of ''.]
    System.Web.UI.WebControls.BaseValidator.CheckControlValidationProperty(String name, String propertyName) +11769104
    System.Web.UI.WebControls.BaseValidator.ControlPropertiesValid() +51
    System.Web.UI.WebControls.BaseValidator.OnPreRender(EventArgs e) +57
    System.Web.UI.Control.PreRenderRecursiveInternal() +107
    System.Web.UI.Control.PreRenderRecursiveInternal() +204
    System.Web.UI.Control.PreRenderRecursiveInternal() +204
    System.Web.UI.Control.PreRenderRecursiveInternal() +204
    System.Web.UI.Control.PreRenderRecursiveInternal() +204
    System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +7675

    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.114.0



  • I assume that error message is from v4.0.5? We just released (about an hour ago) v4.0.6 which contains a fix for that particular page.

    If you still want to use Forms Authentication with credentials from AD, then that debug info is unrelated. To configure a domain different than the one the ProGet server is installed on, you'll want to visit the hidden page:

    http://{proget-server}/administration/security/configure-directory?directoryId=3
    

    This will allow it to search a different domain in addition to the one of the machine it's on, and will also include all Forest trusts. At some point it will also include any domains with in-bound trusts, but it does not include them currently (there's never been demand for more than the one you specify in the AdditionalDomainName field).

    Note: If you are trying to use Integrated Authentication (i.e. auto-login as current Windows user) as well, the debug info implies that the server's LOGON_USER variable was not present, which means in IIS that Windows Authentication is not enabled, which is required to use Integrated Auth. Also make sure to disable Anonymous Authentication for the site as well.
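
The IIS settings named in the reply above can be read back from the server rather than checked by eye in IIS Manager. This is an added example, not part of the original post or Inedo's tooling; the site name `ProGet` is an assumption, and the check only matters if Integrated Authentication is wanted.

```powershell
# Added example: audit the IIS authentication settings that Integrated Auth depends on.
# Requires the WebAdministration module (IIS management tools) and an elevated shell.
Import-Module WebAdministration

# Assumption: the IIS site hosting ProGet is named 'ProGet'; change to match your server.
$SiteName = 'ProGet'

function Get-IisAuthEnabled {
    param([string]$Site, [string]$Scheme)
    # Read the effective 'enabled' flag for one authentication scheme on the site.
    $filter = "system.webServer/security/authentication/$Scheme"
    $prop = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $Site -Filter $filter -Name 'enabled'
    [bool]$prop.Value
}

# State the reply above calls for when Integrated Auth is in use.
$required = [ordered]@{
    windowsAuthentication   = $true
    anonymousAuthentication = $false
}

$report = foreach ($scheme in $required.Keys) {
    $actual = Get-IisAuthEnabled -Site $SiteName -Scheme $scheme
    [pscustomobject]@{
        Scheme   = $scheme
        Enabled  = $actual
        Required = $required[$scheme]
        Ok       = ($actual -eq $required[$scheme])
    }
}
$report | Format-Table -AutoSize

if ($report.Ok -contains $false) {
    # An empty LOGON_USER on /debug/integrated-auth is the visible symptom of this mismatch.
    Write-Warning "IIS authentication on '$SiteName' does not match what Integrated Auth needs."
}
```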



  • I get the following error in the event log when attempting to add privileges so we can attempt to use AD integration.

    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 2/12/2016 11:06:55 AM
    Event time (UTC): 2/12/2016 5:06:55 PM
    Event ID: 2ccad27766d94c78a777699e1be1bd94
    Event sequence: 3
    Event occurrence: 2
    Event detail code: 0

    Application information:
    Application domain: /LM/W3SVC/3/ROOT-2-130997698356680052
    Trust level: Full
    Application Virtual Path: /
    Application Path: D:\Program Files\ProGet\WebApp\
    Machine name: SEVERNAME

    Process information:
    Process ID: 4768
    Process name: w3wp.exe
    Account name: DOMAIN\serviceAccount

    Exception information:
    Exception type: DirectoryServicesCOMException
    Exception message: A local error has occurred.

    at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.PropertyValueCollection.PopulateList()
    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.GetNetbiosDomainName(String dnsDomainName)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.CreateSearcher(String domain)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.<FindPrincipalsInternal>d__24.MoveNext()
    at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeList(JsonWriter writer, IEnumerable values, JsonArrayContract contract, JsonProperty member, JsonContainerContract collectionContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeValue(JsonWriter writer, Object value, JsonContract valueContract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeObject(JsonWriter writer, Object value, JsonObjectContract contract, JsonProperty member, JsonContainerContract collectionContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeValue(JsonWriter writer, Object value, JsonContract valueContract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value, Type objectType)
    at Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value, Type objectType)
    at Inedo.Web.Handlers.JsonDataHttpHandler.SyncHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Request information:
    Request URL: http://localhost:81/0x44/ProGet.WebApplication/Inedo.ProGet.WebApplication.Controls.PrincipalPicker/FindPrincipals?directoryId=3&filter=GG=&principalTypes=3&_=1455296806190
    Request path: /0x44/ProGet.WebApplication/Inedo.ProGet.WebApplication.Controls.PrincipalPicker/FindPrincipals
    User host address: ::1
    User: Admin
    Is authenticated: True
    Authentication Type:
    Thread account name: DOMAIN\serviceAccount

    Thread information:
    Thread ID: 14
    Thread account name: DOMAIN\serviceAccount
    Is impersonating: False
    Stack trace: at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
    at System.DirectoryServices.DirectoryEntry.Bind()
    at System.DirectoryServices.DirectoryEntry.get_AdsObject()
    at System.DirectoryServices.PropertyValueCollection.PopulateList()
    at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
    at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.GetNetbiosDomainName(String dnsDomainName)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.CreateSearcher(String domain)
    at Inedo.ProGet.WebApplication.Security.UserDirectory.MultiDomainActiveDirectory.<FindPrincipalsInternal>d__24.MoveNext()
    at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeList(JsonWriter writer, IEnumerable values, JsonArrayContract contract, JsonProperty member, JsonContainerContract collectionContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeValue(JsonWriter writer, Object value, JsonContract valueContract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeObject(JsonWriter writer, Object value, JsonObjectContract contract, JsonProperty member, JsonContainerContract collectionContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.SerializeValue(JsonWriter writer, Object value, JsonContract valueContract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerProperty)
    at Newtonsoft.Json.Serialization.JsonSerializerInternalWriter.Serialize(JsonWriter jsonWriter, Object value, Type objectType)
    at Newtonsoft.Json.JsonSerializer.SerializeInternal(JsonWriter jsonWriter, Object value, Type objectType)
    at Inedo.Web.Handlers.JsonDataHttpHandler.SyncHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
    at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Custom event details:



  • It looks like the underlying error is, DirectoryServicesCOMException: A local error has occurred.

    It's obviously not helpful at all, but in searching for that exact text, there are so many things that it seems to be, or could be. I would suggest to search for that error and see what is relevant, and what isn't.

    There are so many suggestions on how to fix it, from improperly configured AD permissions to obscure 2008R2-only settings.
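
To separate a ProGet problem from a domain or service-account problem, the failing bind can be reproduced outside the application under the same identity the event log shows for w3wp.exe. This is an added example, not Inedo's code: the trace shows only that `GetNetbiosDomainName` fails inside `DirectoryEntry.Bind`, so the crossRef lookup used here is an assumption (the usual way to map a DNS domain name to its NetBIOS name), and `corp.example.com` is a placeholder.

```powershell
# Added example: reproduce the directory bind outside ProGet.
# Run it as the account shown in the event log (the w3wp.exe identity).
param(
    # Placeholder: DNS name of the domain that holds the group being searched for.
    [string]$DnsDomain = 'corp.example.com'
)

function Invoke-Step {
    # Run one diagnostic step and record either its result or the innermost exception.
    param([string]$Name, [scriptblock]$Action)
    try {
        $value = & $Action
        [pscustomobject]@{ Step = $Name; Ok = $true; Detail = $value }
    } catch {
        $inner = $_.Exception.GetBaseException()
        [pscustomobject]@{ Step = $Name; Ok = $false
                           Detail = "$($inner.GetType().Name): $($inner.Message)" }
    }
}

$results = @()
$results += Invoke-Step 'Identity' { [Security.Principal.WindowsIdentity]::GetCurrent().Name }

$script:configNc = $null
$results += Invoke-Step 'Bind RootDSE' {
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DnsDomain/RootDSE")
    $root.psbase.RefreshCache()   # forces the LDAP bind with the current credentials
    $script:configNc = [string]$root.psbase.Properties['configurationNamingContext'].Value
    $script:configNc
}

$results += Invoke-Step 'Read nETBIOSName' {
    if (-not $script:configNc) { throw 'RootDSE bind failed; nothing to search.' }
    $path = "LDAP://$DnsDomain/CN=Partitions,$($script:configNc)"
    $partitions = New-Object System.DirectoryServices.DirectoryEntry($path)
    $filter = "(&(objectClass=crossRef)(dnsRoot=$DnsDomain))"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($partitions, $filter)
    [void]$searcher.PropertiesToLoad.Add('nETBIOSName')
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "No crossRef object with dnsRoot=$DnsDomain." }
    [string]$hit.Properties['netbiosname'][0]
}

$results | Format-List
```

If a step fails here with the same DirectoryServicesCOMException, the cause lies in the account or domain configuration rather than in ProGet; if every step succeeds, the difference is in how the web application performs the bind.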


